EXECUTIVE SUMMARY:
Across 2019, the world has seen a sharp rise in data breaches involving stolen medical records.
International nation-state groups are sometimes culprits, and many of the largest nation-state attacks seem to target specific medical research. For example, multiple Chinese hacker groups are targeting cancer treatments, as cancer mortality rates in China are rapidly increasing.
Patient information extracted from attacks on healthcare systems and health research institutions has recently been discovered on black market forums online. A 4.31-gigabyte file of data from a US organization fetched $2,000 on the dark web. The contents of the file included driver’s license information, insurance information, and protected health information, all of which could be weaponized to commit fraud.
While cybersecurity plans, processes, and procedures do frequently exist within medical settings, naturally, the first priority of any healthcare facility is to attend to patients.
Within some healthcare organizations, the perception among higher-ups is “Here comes IT again, asking for more money,” as Cheryl Martin of the American Health Information Management Association puts it.
- One means of mitigating data loss is to establish a role that focuses on appropriately housing information and that keeps close tabs on who is accessing it, and where it is going, both internally and externally.
- Another significant tactic is to increase staff member awareness and education regarding the potential for cyber threats. According to Martin, hospitals most commonly fall prey to phishing attacks.
- For small-to medium-sized hospital systems, hiring a third-party provider to manage the cybersecurity may reduce the burden of hiring an in-house cybersecurity team, reduce costs, and allow organizations to keep ahead of the hackers.
For more information, visit Healthcare Finance News.